Privacy Policy
Last updated: 2026-07-09
1. Introduction
Parsivex ("Parsivex," "we," "us," or "our") is operated by Parsivex ApS, a company registered in Denmark at Erantisvej 5, 2970 Hørsholm, Denmark ("Company"). This Privacy Policy explains what information we collect when you use our website and application (together, the "Service"), how we use it, who we share it with, and the choices you have.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account information
When you sign up, we collect your name, email address, and authentication details via our identity provider, Auth0. We do not store your password ourselves.
AWS connection information
To run a scan, you grant Parsivex a read-only IAM role in your AWS account. We store only the Role ARN and External ID for that connection — never long-term AWS credentials. When we access your account, we call AWS AssumeRole to obtain temporary credentials that expire within one hour. See our Security & Trust page for the exact IAM policy we request.
Scan and report data
We store aggregated cost and resource data collected during a scan — findings, estimated savings, and resource metadata such as "this EC2 instance is idle" — to generate your report. We do not store the contents of your S3 buckets, application secrets, or environment variables; the IAM policy we request does not grant access to them.
Billing information
If you subscribe to a paid plan, payment is processed by Stripe. We do not store your card number or other payment credentials — Stripe handles that data directly under its own privacy policy.
Communications and support data
If you email us, use in-app chat (paid plans), or contact support, we retain that correspondence to respond to you and improve the Service.
Usage and analytics data
We use limited, privacy-respecting analytics (currently Vercel Analytics for aggregate pageview statistics) to understand how the Service is used. See Section 8 for more on analytics.
Cookies
We use essential cookies required for authentication and session management. We do not use third-party advertising cookies.
3. How We Use Information
We use the information above to:
- Provide, operate, and maintain the Service, including running scans and generating reports
- Process payments and manage subscriptions
- Send transactional emails, such as scan started, scan complete, and billing receipts, and, if you opt in, product updates
- Detect and prevent abuse, fraud, and violations of our Terms of Service, for example through rate limiting and blocking disposable email addresses at signup
- Diagnose and fix errors, using Sentry error tracking, which may capture technical details such as stack traces
- Comply with legal obligations
4. Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: performance of a contract (providing the Service you signed up for), legitimate interests (securing the Service, preventing abuse, improving the product), and consent (where required, for example certain marketing communications).
5. Who We Share Data With
We share data with the following categories of service providers ("subprocessors"), each bound by their own data protection obligations:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing and subscription billing |
| Auth0 | Authentication and identity management |
| Resend | Transactional email delivery |
| Sentry | Error monitoring and diagnostics |
| Vercel | Application hosting and pageview analytics |
| Amazon Web Services | Infrastructure used to run scans against the AWS account you connect |
We do not sell your personal information, and we do not share your AWS resource data with advertising or data-broker platforms.
We may also disclose information if required by law, to protect the rights and safety of Parsivex or others, or in connection with a merger, acquisition, or sale of assets, in which case we will notify you.
6. International Data Transfers
Our subprocessors may process data outside your country of residence, including in the United States. Where required, we rely on appropriate safeguards, such as Standard Contractual Clauses, for these transfers.
7. Data Retention
| Data type | While your AWS connection is active | After you revoke AWS access | After you delete your account |
|---|---|---|---|
| Scan results and findings | Retained | Retained until account deletion | Permanently deleted |
| Report PDFs | Retained | Retained until account deletion | Permanently deleted |
| AWS connection (Role ARN, External ID) | Retained | Removed if you delete the connection | Permanently deleted |
| Chat conversations (paid plans) | Retained | Retained until account deletion | Permanently deleted |
Deleting your Parsivex account does not delete the IAM role in your AWS account — you must remove that separately from the AWS IAM console. See Revoking Parsivex access.
8. Analytics and Future Instrumentation
We currently use Vercel Analytics for aggregate, privacy-respecting pageview statistics. We may introduce event-level product analytics, for example to understand which parts of the free scan flow lead to an upgrade, using a similarly privacy-conscious provider. If we do, we will update this policy and, where required, provide notice or obtain consent before enabling such tracking for EEA/UK users.
9. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Receive a copy of your data in a portable format
- Withdraw consent at any time, where processing is based on consent
You can delete your own account and data at any time from Settings → Danger zone → Delete account, or by emailing hello@parsivex.com.
10. Data Security
We use industry-standard safeguards, including encryption in transit (TLS) and at rest, a read-only-by-design AWS integration, and an External ID to prevent confused-deputy attacks. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Children's Privacy
The Service is not directed to individuals under 16, and we do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "Last updated" date on this page reflects the most recent revision.
13. Contact Us
Questions about this Privacy Policy or your data can be sent to hello@parsivex.com, or by mail to Parsivex ApS, Erantisvej 5, 2970 Hørsholm, Denmark.